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DOCUMENT- IDENTIFIER: US 6240493 Bl 

TITLE: Method and apparatus for performing access censorship in a data processing 
system 



BSPR: 

In the data processing system art, it is often desirable to be able to protect an 
entire system or selected portions of a system from accesses which are defined as 
unauthorized. As an example, an unauthorized access may be either a read access, 
a write access, or both types of accesses to a memory storage device storing 
program or data information used by the data processing system. In some data 
processing systems an unauthorized access may be defined as an access to a 
particular resource, such as a port on a micro controller integrated circuit, 
that is used to access one or more external integrated circuit terminals. In yet 
other data processing systems, an unauthorized access may be defined as an access 
to a particular resource of the data processing system, such as debug circuitry 
or timing circuitry. Regardless of the resource to be protected, an improved 
approach to protecting against unauthorized accesses was desired. 



DEPR: 

Still referring to FIG. 2, the function of access control circuitry 38 is 
affected by the value of access bit 42, FIC bit 44, and the censor bits [0:1] 
50,51. Although in the embodiment of the present invention illustrated in FIG. 1, 
the access control circuitry 38 and control bits 42, 44, 50 and 51 have been 
illustrated as being located in non-volatile memory module 20, alternate 
embodiments of the present invention may locate these bits and this circuitry in 
any portion of data processing system 10. FIG. 2 illustrates eleven possible 
resulting status states that may be produced by access control circuitry 38 in 
one embodiment of the present invention. Note that alternate embodiments of the 
present invention may define any number of resulting status states, some of which 
are different or the same as the eleven resulting status states defined in FIG. 
2 . 



DEPR: 

If censorship is not performed, the flow continues at decision diamond 113 where 
the force information censorship (FIC) bit 44 is sampled. If the FIC bit 44 is 
set, then the flow continues at decision diamond 114. Similarly, if the censor 
bits [0:1] 50, 51 indicate that censorship is to be checked, the flow likewise 
continues at decision diamond 114. Referring back to decision diamond 113, if the 
FIC bit 44 is not set, then data processing system 10 does not care about access 
control and the flow continues at step 123 where the access is completed in a 
normal fashion. Referring to decision diamond 114, the logic state of access bit 
42 is now checked. This allows the program to bypass the security if desired. If 
the access bit 42 is set, then the program has temporarily allowed access and the 
flow continues at step 123 where the access is allowed to complete normally. 
However, if the access bit 42 is not set, then data processing system 10 still 
cares about censorship and the flow continues at decision diamond 115. 

DEPR: 

Referring to FIGS. 1, 2 and 3, access control bit 42 may be used to customize the 
censorship approach required by various purchasers of data processing system 10. 
Referring to FIG. 3, the various resulting status states determine whether access 
bits 42 may be changed or not. This particular feature is implemented in 
hardware. The purchaser of data processing system 10 may then store an access 
control software program in flash memory 34 or other memory within the system, 
e.g. other memory 18 or memory coupled to external bus 22 (not shown) . This 
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access control software program may then be used to customize when an unlimited 
or uncensored access is provided to data processing system 10. Thus, purchasers 
of data processing system 10 may use the access bit 42 in combination with an 
access control program written by that purchaser to determine when to disable 
censorship so that the purchaser may access all resources within data processing 
system 10 (e.g. when a product is being field serviced or when the contents of 
flash memory 34 are being verified) . Note that in one embodiment of the present 
invention, censor bits [0:1] 50, 51, in conjunction with intrusion latch 32, are 
the mechanisms that are used to prevent all intrusive accesses by the end user. 

DEPR: 

In one embodiment of the present invention, when data processing system 10 is 
provided to a purchaser after manufacture, all accesses to all systems within 
data processing system 10 are allowed. This means that the purchaser of data 
processing system 10 is able to program flash memory 34. In addition to a user 
application program stored in flash memory 34, the purchaser of data processing 
system 10 will also want to store an access control program in flash memory 34 to 
control the asserting and negating of access bit 42 . The purchaser of data 
processing system 10 will then want to verify the contents of flash memory 34 and 
may use the FIC bit 44 to verify the access control portion of the program stored 
in flash memory 34. The purchaser of data processing system 10 may then program 
censor bits 50, 51 to provide the required level of censorship desired for the 
end user. Note that the censorship scheme as described in this document provides 
a mechanism to prevent' intrusive or non-allowed accesses by an end user while 
still allowing the purchaser of data processing system 10 to access the 
disallowed resources within data processing system 10 (e.g. flash memory 34) . 
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